Test that /data is properly labeled
Data outside of /data/vendor should have the core_data_file_type.
Exempt data_between_core_and_vendor for some types.
Ensure core_data_file_type and coredomain_socket do not get expanded
to their underlying types.
Test: build sepolicy for all targets in master (this is a build time
test)
Bug: 34980020
Change-Id: I59387a87875f4603a001fb03f22fa31cae84bf5a
(cherry picked from commit bdd454792d52719f3b8b1fe8c3fd08cb13a393f1)
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index 275debb..ea9ba10 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -23,6 +23,10 @@
def TestVendorTypeViolations(pol):
return pol.AssertPathTypesHaveAttr(["/vendor/"], [], "vendor_file_type")
+def TestCoreDataTypeViolations(pol):
+ return pol.AssertPathTypesHaveAttr(["/data/"], ["/data/vendor/",
+ "/data/vendor_ce/", "/data/vendor_de/"], "core_data_file_type")
+
###
# extend OptionParser to allow the same option flag to be used multiple times.
# This is used to allow multiple file_contexts files and tests to be
@@ -40,7 +44,9 @@
else:
Option.take_action(self, action, dest, opt, value, values, parser)
-Tests = ["TestDataTypeViolators"]
+Tests = ["TestDataTypeViolators", "TestSysfsTypeViolations",
+ "TestDebugfsTypeViolations", "TestVendorTypeViolations",
+ "TestCoreDataTypeViolations"]
if __name__ == '__main__':
usage = "sepolicy_tests -l $(ANDROID_HOST_OUT)/lib64/libsepolwrap.so "
@@ -87,6 +93,8 @@
results += TestDebugfsTypeViolations(pol)
if options.test is None or "TestVendorTypeViolations" in options.test:
results += TestVendorTypeViolations(pol)
+ if options.test is None or "TestCoreDataTypeViolations" in options.test:
+ results += TestCoreDataTypeViolations(pol)
if len(results) > 0:
sys.exit(results)